You have notifications pending – Facebook Phishing Fraud

One of the hotter spam tactics right now is stealing legitimate Facebook accounts so the spammer can then use Facebook to spam friends, family, acquaintances and everyone else on Facebook with ease.

The beauty of spamming through Facebook, from the spammer's point of view, is that the messages will almost certainly be delivered: if you have a Facebook account, you have agreed to accept messages from Facebook, whether they are spam or not.

Spam sent from hacked and stolen accounts is also more likely to be read by the recipient, because millions and millions of Facebook users are lonely and trusting enough to accept friend invitations from anyone who asks.

However, to be successful the spammer first needs to steal the credentials of as many legitimate Facebook users as possible, and that explains phishing fraud emails like this one:

You have notifications pending - Phishing Fraud


The message claims to come from “facebookmail.com”, but this is spoofed: these messages are actually sent from a variety of compromised mail servers throughout the world. Interestingly, the spammers also inject a fake message delivery (Received) header in order to trick spam filters into believing that these messages are legitimate Facebook communications. For instance, a recent copy included:

from [10.18.255.123] ([10.18.255.123:40653]) by mta003.snc1.facebook.com (envelope-from <update+fmfcskhdxzvn@facebookmail.com>)

But this header is completely bogus, inserted only to confuse spam filters. It was written by the spammer's software, not by any Facebook server: in a genuine Received chain the relay that accepted the message from Facebook would record a Facebook host as its source, whereas here the hop above the fake one records the compromised server that really sent the mail.
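How a filter can catch that injected hop, as an added Python example (not code from the original post or from OnlyMyEmail): it parses the Received chain of a constructed message and flags any hop that claims a Facebook `by` host but is not connected to the chain above it, i.e. the next relay says it got the message from an unrelated host. The hostnames, the documentation-range IP addresses, and the `parse_hops` and `find_injected_hops` functions are assumptions made for the example; only the bogus Facebook hop line is modelled on the one quoted above.

```python
import email
import ipaddress
import re

# Constructed sample (not the actual phishing mail). The first two Received
# headers are real ones written by the recipient's relays; the third is the
# bogus hop the spammer embedded before sending, modelled on the quoted one.
# Hostnames and IPs are documentation values.
FORGED_MESSAGE = b"""Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.net with ESMTP; Mon, 1 Jan 2001 00:00:02 +0000
Received: from compromised.example.org (compromised.example.org [203.0.113.9])
\tby mx.example.net with ESMTP; Mon, 1 Jan 2001 00:00:01 +0000
Received: from [10.18.255.123] ([10.18.255.123:40653]) by mta003.snc1.facebook.com (envelope-from <update+fmfcskhdxzvn@facebookmail.com>)
From: Facebook <update+fmfcskhdxzvn@facebookmail.com>
Subject: You have notifications pending

Body omitted.
"""

# Same shape, but a consistent chain: the relay above the Facebook hop says it
# received the message from a Facebook host (also constructed).
GENUINE_MESSAGE = b"""Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.net with ESMTP; Mon, 1 Jan 2001 00:00:02 +0000
Received: from outmail.snc1.facebook.com (outmail.snc1.facebook.com [192.0.2.10])
\tby mx.example.net with ESMTP; Mon, 1 Jan 2001 00:00:01 +0000
Received: from [10.18.255.123] ([10.18.255.123:40653]) by mta003.snc1.facebook.com (envelope-from <update+fmfcskhdxzvn@facebookmail.com>)
From: Facebook <update+fmfcskhdxzvn@facebookmail.com>
Subject: You have notifications pending

Body omitted.
"""

HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.IGNORECASE | re.DOTALL)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})")


def parse_hops(raw):
    """Return the Received hops newest-first, as [{'from', 'by', 'ip'}, ...]."""
    msg = email.message_from_bytes(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = re.sub(r"\s+", " ", value)  # unfold continuation lines
        m = HOP_RE.search(text)
        if not m:
            continue
        ips = IP_RE.findall(text)
        hops.append({
            "from": m.group(1).strip("[]").lower(),
            "by": m.group(2).rstrip(";").lower(),
            "ip": ips[0] if ips else None,
        })
    return hops


def _is_private(ip):
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def find_injected_hops(hops, trusted_suffix=".facebook.com"):
    """Flag hops that claim a trusted 'by' host but whose next relay (the newer hop)
    says it received the message from somewhere outside that trusted domain."""
    findings = []
    for i, hop in enumerate(hops):
        if not hop["by"].endswith(trusted_suffix):
            continue
        if i == 0:
            continue  # outermost hop was written by the receiving MTA itself
        newer = hops[i - 1]
        if newer["from"].endswith(trusted_suffix):
            continue  # chain is consistent: the message really left the trusted domain
        reason = (f"hop {i} claims 'by {hop['by']}' but the next relay {newer['by']} "
                  f"received the message from {newer['from']}")
        if hop["ip"] and _is_private(hop["ip"]):
            reason += f" (claimed source {hop['ip']} is a private address)"
        findings.append({"index": i, "by": hop["by"], "reason": reason})
    return findings


if __name__ == "__main__":
    for label, raw in (("forged", FORGED_MESSAGE), ("genuine", GENUINE_MESSAGE)):
        print(label, find_injected_hops(parse_hops(raw)))
```

Real Received chains are messier than this (HELO names that differ from reverse DNS, internal relays with private addresses), so the check is a scoring signal rather than a hard reject; the point is that the hop written by the spammer can never be made consistent with the hops that real relays add above it.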

In general, these scams are rampant right now and are designed with one goal in mind: to get the recipient to click on the hyperlinks, which direct you to spoofed Facebook login pages. The link text may show a genuine facebook.com address while the actual destination, revealed by hovering over the link, is somewhere else entirely.

If the recipient tries to “log in”, all they will actually accomplish is handing their real Facebook username and password to the spammers, who will then hijack the account and begin their spamming campaign.
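The same "shows one address, goes to another" check done in code, as an added Python example (not from the original post): it pulls every anchor out of a constructed HTML mail body and flags links whose visible text names a Facebook host or the Facebook brand while the href host is something else. The sample HTML, the documentation-range hosts and the `find_deceptive_links` function are all assumptions made for the example.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed HTML body (not the actual phishing mail). The first two links are
# the phishing pattern: the visible text or brand name says Facebook, the href
# does not. The last two are harmless. Hosts are documentation values.
SAMPLE_HTML = """
<p>You have notifications pending.</p>
<p><a href="http://203.0.113.45/~login/facebook/index.php">http://www.facebook.com/n/?notifications</a></p>
<p><a href="http://fb-secure-login.example.net/login.php">Log in to Facebook</a></p>
<p><a href="https://www.facebook.com/notifications">See your Facebook notifications</a></p>
<p><a href="https://blog.example.com/post">Read our blog</a></p>
"""

BRAND_WORDS = ("facebook",)                           # names a reader would trust
BRAND_DOMAINS = ("facebook.com", "facebookmail.com")  # where those names may legitimately lead
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a href> in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def registrable(host):
    """Crude registrable domain: IP literals as-is, otherwise the last two labels.
    Good enough for .com-style names; a real filter would use the public suffix list."""
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        parts = host.split(".")
        return ".".join(parts[-2:]) if len(parts) >= 2 else host


def find_deceptive_links(html):
    """Return links whose visible text promises one destination while the href goes elsewhere."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        actual = registrable(urlparse(href).hostname or "")
        if not actual:
            continue
        shown = {registrable(h) for h in HOST_RE.findall(text)}  # hosts the reader sees
        mismatched = sorted(h for h in shown if h != actual)
        if mismatched:
            findings.append({"href": href, "text": text,
                             "reason": f"text shows {', '.join(mismatched)} but link goes to {actual}"})
        elif any(w in text.lower() for w in BRAND_WORDS) and actual not in BRAND_DOMAINS:
            findings.append({"href": href, "text": text,
                             "reason": f"text names the brand but link goes to {actual}"})
    return findings


if __name__ == "__main__":
    for f in find_deceptive_links(SAMPLE_HTML):
        print(f["reason"], "->", f["href"])
```

The first rule (displayed URL host differs from the real host) is almost never wrong; the second (brand name in the text, off-brand destination) will also catch innocent links such as a news article about Facebook, so in a filter it should add to a score rather than block outright.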

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.


5 Responses to “You have notifications pending – Facebook Phishing Fraud”

  1. Hifan says:

    Also got those mails, am not a member, just wondering how the following login link could be used for phishing; it goes to the real facebook.com, as it seems?

    http://www.facebook.com/n/?find-friends%2F&mid=7ef86701cbxxx316ec62fcyyy57d6d&bcode=&n_m=

  2. OnlyMyEmail Anti-Spam Team says:

    Hifan, If that is the link location, it’s real. But, in the one we posted, hovering over the link revealed a different location in the status bar. We probably should have noted that in the post:)

  3. Hifan says:

    OK so perhaps they were real (I also have the facebookmail.com in the headers, but this is probably the same in real and phishing version).

    So, if they are real, can anyone tell me why I get them without being a member? Must I conclude that someone used my email address to register at Facebook? Any chance to find that account by email without registering myself?

  4. Hifan says:

    Just tried password recovery: “The email you entered does not belong to any account.”
    Good. But why the notifications..

  5. cheriecalgary says:

    Hifan,
    The whole point of spam is to hit as many people as possible… they already had your email address and HOPED you had a Facebook account. Have you received any OTHER spam? I’m assuming yes.

    They hope you have a FB account, and that you’ll ‘login’ at the link provided, and then they have your login and password and can hijack your FB account and send viruses out that way.

    It doesn’t mean someone signed up with your email address.